A previous audit report titled, Examination Division’s Use of Performance Measures and Statistics, dated July 7, 1998, identified concerns that led us to look at whether Examination Division’s emphasis on enforcement results caused taxpayers to be treated improperly. Our review focused on the individual tax returns selected for office audit through means other than the Discriminant Index Function (DIF), primarily through the Midwest Automated compliance System (MAcS).

Given the extent of control breakdowns identified during this audit, we cannot give assurance that IRS employees selected returns for examination fairly or that they protected taxpayers’ personal and financial data from unauthorized and improper disclosure. We also noted inappropriate actions taken by examiners and managers during the initiation and closing of audits that may have led to improper taxpayer treatment. In some instances, examiners may have violated laws or regulations. In other instances, IRS procedures were not followed.

Traditionally, DIF has been the primary workload identification system used to select individual tax returns for office audits. DIF scores each return for potential errors by means of a mathematical formula. The higher the score, the greater the probability for error. When the computer selects a return because of a high DIF score, an employee, generally in one of IRS’ Service centers, screens the return for some obvious explanation or innocent error. If none is found, the questionable return is usually forwarded to the district for audit consideration. This process provides IRS with controls to (1) identify and select returns for audit and (2) separate the duties among employees identifying, selecting and auditing tax returns.

comparatively, MAcS gives IRS employees a new and innovative way of identifying and selecting returns for audit. MAcS provides IRS employees in district offices the ability to use locally-derived, and possibly subjective, criteria to both identify and select returns for audit from the millions of returns filed within the district’s geographical boundaries.

IRS reports that MAcS, unlike most other IRS computer systems, has controlled access protection to prevent and detect unauthorized access and misuse of taxpayer data. Officials in IRS’ National Office developed comprehensive guidelines that outline additional procedures and controls to aid in protecting the security and privacy of taxpayer information on MAcS. However, our tests and on-site visits to 14 district office MAcS sites found a combination of factors that seriously undermined the entire MAcS control environment. For instance:

• Over a two-month period, IRS employees in 14 districts accessed over 3,600 accounts on MAcS that could not be traced to source documents that adequately explained the business purpose for the accesses. Vague MAcS research requests, such as "identify taxpayers in specific market segments that will produce productive examinations," were used as control documents to support hundreds of account accesses (5 of 14 districts). Public Law, Treasury Directives, and the Internal Revenue Manual (IRM) prohibit IRS employees from obtaining access to taxpayer accounts without a valid business purpose. We are coordinating with our Unauthorized Access (UNAX) Program to further investigate these potential violations.
• Inadequate separation of duties existed among IRS employees responsible for identifying, selecting, and auditing tax returns (7 of 14 districts).
• MAcS data discs containing return information were not adequately secured (4 of 14 districts).
• controls were not established over MAcS returns while they were screened for audit potential (12 of 14 districts).
• Audit trail files designed to detect an unauthorized access once it occurs were not reviewed, backed-up or maintained (13 of 14 districts).

Although IRS has established procedures to protect taxpayers during audits, we found examples of what we consider to be improper taxpayer treatment during the initiation and closing of office audits. For example:

• We found no evidence in 803 of 1,806 sample cases reviewed that IRS employees provided taxpayers with a Publication 1 (Your Rights as a Taxpayer) and/or Notice 609 (Privacy Act Notice) at the initiation of the audit, both of which are statutory requirements.
• IRS employees used discretionary enforcement powers in a way that appeared to create an unnecessary hardship for taxpayers. In 2 districts, 3,500 audits of low- income taxpayers claiming an Earned Income Tax credit were started by sending a 6-page questionnaire requesting more than 80 items of information. The items requested included amounts spent on food, clothing, gifts, and cosmetics. Much of the information requested was intrusive and had little, if any, relevance to the issues being questioned.
• IRS employees in 15 districts improperly closed 211 returns as "surveys" (non-examined disposals) instead of closing them as being "examined without a change" or "with an additional assessment." This practice reduced the reliability of program statistics and could lead to inadvertently violating the prohibition against repetitive audits under Internal Revenue code §7605 if the same tax period were subsequently examined.

The risk of selectively targeting taxpayers for examination and exposing the personal and financial data of millions of taxpayers to browsing and improper disclosure could be easier managed by centralizing the MAcS sites. A better separation of duties could be achieved between the IRS employees responsible for identifying potential MAcS returns for audit and the employees responsible for conducting the examination by locating MAcS in offices other than those that will be working the audits.

IRS management also needs to strengthen specific IRS controls and procedures for initiating and closing audits. These include (1) making sure examiners and managers are knowledgeable of procedures designed to protect taxpayers during audits and (2) expanding the quality assurance controls to address taxpayer rights.

Due to the significant risks inherent in the selection, initiation, and closing of examinations, and the current state of the controls designed to mitigate those risks, these areas should be declared material weaknesses under the Federal Manager’s Financial Integrity Act (FMFIA).

Management's Response: The commissioner of the Internal Revenue Service provided comments on a draft of this report in a February 12, 1999, letter.